ClickFix Campaign Abuses Compromised Sites to Deploy MIMICRAT Malware | Read more hacking news on The Hacker News cybersecurity news website and learn how to protect against cyberattacks and software ...

Three of the four vulnerabilities remained unpatched months after OX Security reported them to the maintainers.

CVE-2026-1357 exposes a critical WordPress WPvivid plugin flaw, allowing unauthenticated RCE, enabling attackers to upload PHP files and fully compromise sites. The post CVE-2026-1357: WordPress ...

Critical vulnerabilities in four widely used VS Code extensions could enable file theft and remote code execution across 125M installs.

Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local ...

Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS as a channel in these campaigns.

$300 a month buys you a backdoor that looks like legit software Researchers at Proofpoint late last month uncovered what they describe as a "weird twist" on the growing trend of criminals abusing ...

A new Android malware implant using Google Gemini to perform persistence tasks was discovered on VirusTotal and analyzed by ESET ...

ESET researchers discover PromptSpy, the first known Android malware to abuse generative AI in its execution flow.

Modern PDF platforms can now function as full attack gateways rather than passive document viewers.

A fake CAPTCHA scam is tricking Windows users into running PowerShell commands that install StealC malware and steal passwords, crypto wallets, and more.

Introduction Android continues to dominate the global mobile market in 2026, powering billions of devices across every region ...